
Telnet and ftp

 
Angelo Mercieca
Occasional Contributor

Telnet and ftp

I would like to stop the use of telnet and ftp commands by all users except by root and specified users. Is this possible? If so, how do I go about doing it?
Thank you.
7 REPLIES 7
Pieter_5
Advisor

Re: Telnet and ftp

You can disable access to ftp by placing a user in the file /etc/ftpd/ftpusers.

Bill Hassell
Honored Contributor

Re: Telnet and ftp

The easiest way is to remove their accounts. If the problem users use your system with tools like email, you can replace their shell /usr/bin/sh with /usr/bin/false. They can login but will immediately be disconnected.


Bill Hassell, sysadmin
Michael Tully
Honored Contributor

Re: Telnet and ftp

The easiest way would be to create a separate /etc/passwd file for the duration of how long you wish to not allow the majority of users onto your system. Only other way is to have a list of the specified users and apply this list to /etc/profile. You can place some code in /etc/profile that reviews the list and evaluate whether these users can login or not. My suggestion is the first, by using a second /etc/passwd list.
This posting may help with the code with /etc/profile should you like to make use of it.
Anyone for a Mutiny ?
Sridhar Bhaskarla
Honored Contributor

Re: Telnet and ftp

Hi,

I don't know if I understood your question correctly. If you are asking about the users that can 'telnet|ftp' *into* the system, then you already got the answer.

If you are asking about restricting the users to access 'telnet|ftp' on the system, then one way is to change the permissions on these executables. Create a group with users that need access to telnet and ftp. Change the permissions on these commands to allow only owner and the group to execute.

However, there are other ways by which users can simulate telnet and ftp and the above doesn't really stop the ones that want to use them.

A solid alternative is to create the users with restricted shell. For ex., create the user with the shell /usr/bin/rsh. Edit his/her profile and place PATH=/usr/restrict/bin. Make the owner as root. This way user can execute only the commands in /usr/restrict/bin directory. You can link|copy the commands you want to there.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
T G Manikandan
Honored Contributor

Re: Telnet and ftp

You can stop telnet login of root by creating a file /etc/securetty.

Also add root user to /etc/ftpd/ftpusers to deny ftp login as root.
Sridhar Bhaskarla
Honored Contributor

Re: Telnet and ftp

Hi (Again),

I forgot to caution about changing the permissions. Your swverify will report errors as the permissions got changed on these binaries. Also, they may get replaced by a patch. So, whenever you install patches, make sure to check the permissions.

There are softwares like eTrust Access control, powerbroker etc., that can be used to effectively shut down the permissions on what the user can|cannot do. But you have to pay $$ for that.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
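
Added example (not part of any reply in this thread): a POSIX shell check for the permission scheme described above, meant to be re-run after patching, since a patch may replace the binaries and restore their default modes. The group name `netusers` and the two binary paths are assumptions to adjust for your system.

```shell
#!/bin/sh
# Added example: confirm the telnet/ftp client binaries are still restricted
# to owner + one designated group, as suggested in the thread.
# Assumptions: group "netusers" and the paths below are placeholders.
ALLOWED_GROUP="${ALLOWED_GROUP:-netusers}"
BINARIES="${BINARIES:-/usr/bin/telnet /usr/bin/ftp}"

# check_binary FILE GROUP
# Returns 0 if FILE grants nothing to "other" and is group-owned by GROUP,
# 1 if the permissions or group have drifted, 2 if FILE does not exist.
check_binary() {
    bin_path=$1
    want_group=$2
    if [ ! -e "$bin_path" ]; then
        echo "MISSING $bin_path"
        return 2
    fi
    # Parse ls -ld rather than stat(1), which not every Unix ships.
    # substr() drops a trailing ACL/label marker such as '+' or '.'.
    mode=$(ls -ld "$bin_path" | awk '{print substr($1, 1, 10)}')
    group=$(ls -ld "$bin_path" | awk '{print $4}')
    other=$(printf '%s' "$mode" | cut -c8-10)
    status=0
    if [ "$other" != "---" ]; then
        echo "DRIFT   $bin_path: others have '$other' (mode $mode)"
        status=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "DRIFT   $bin_path: group '$group', expected '$want_group'"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK      $bin_path ($mode, group $group)"
    fi
    return "$status"
}

# audit_all: check every path in BINARIES; non-zero if any check fails.
audit_all() {
    rc=0
    for b in $BINARIES; do
        check_binary "$b" "$ALLOWED_GROUP" || rc=1
    done
    return "$rc"
}

# Run the audit only when asked, e.g. RUN_AUDIT=1 sh check_net_clients.sh
if [ "${RUN_AUDIT:-}" = 1 ]; then audit_all; fi
```

A non-zero exit from `audit_all` after a patch install means the `chgrp`/`chmod` step has to be reapplied.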
rmueller58
Valued Contributor

Re: Telnet and ftp

You can selectively enable/disable internetworking services from SAM, with the following path (at least 11x)

Networking and Communication -->
System Access-->
Internet Services -->

From this path you can disable the services